New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Maybe you can try deploying a DMARC record
See: https://support.google.com/a/answer/2466580
I would think that Google would at least use SPF records, so it's not clear to me that you're being spoofed. Maybe phished instead. Hard to say without seeing the actual emails, or understanding your relationship to the senders.
Compromised mailbox?
Should be the first thought, definitely. The bounce emails most likely contain headers fully in tact from the recipient server, and that will show where they were sent from. If it's not Gmail, go straight for SPF/DMARC solutions.
Mxtoolbox.com type your domain and find problems. Fix them and see if it has a better effect.
Please no
Use mail-tester.com. MXtoolbox is over sensitive and is either designed to get ad revenue or was just made by people who barely know anything about how email works.
Not just over sensitive, it breaks on a default install of cPanel.
Someone emailed me with the subject "STOP EMAILING ME" but... I never even emailed him. I also got this on my gsuite inbox... I do not know how. help please.
I'm afraid I wasn't able to deliver the following message.
This is a permanent error; I've given up. Sorry it didn't work out.
Subject: =?UTF-8?B?aG9va3VwIHdpdGggbG9jYWwgc2luZ2xlIHdvbWVuIGFuZCBnZXQgbGFpZCB0b25pZ2h0IGF0IHRoZSBvcmlnaW5hbCBGYWNlYm9vayBvZiBzZXgu?=
To: [email protected]
---Below this line is a copy of the message.
Received: from 127.0.0.1 (EHLO web.quixote44.wanadoo.co.uk) (190.234.28.12)
by mta1332.mail.ne1.yahoo.com with SMTP; Thu, 10 Nov 2016 21:35:09 +0000
Received: by web.quixote44.wanadoo.co.uk id h4jk0i1613gl for xxxxxxx@yahoo.com; Fri, 11 Nov 2016 00:34:54 +0300 (envelope-from myemail@mydomain.com)
From: [email protected]
Subject: =?UTF-8?B?aG9va3VwIHdpdGggbG9jY
@MissFortune if dkim is working on your doamin and you got your spf records setup correctly to include all possible host that legit send using your domain.
You can try adding a dmarc record set to reject like this dns txt record _dmarc.youdomain.tld value v=DMARC1; p=reject then major email providers like (Gmail,Hotmail/Outlook,Yahoo) and other service which checked dmarc will just reject the email if it fails spf or dkim check's.
SPF records are done properly but not sure why mail like this in coming to my inbox.
http://imgur.com/a/lx5FA
Unfortunately not all servers reject SPF failures in a way that doesn't bounce the email.
And? Spam lies. They say you owe the IRS money. They say they have an invoice from/for you. They say you're emailing them. They're doing whatever they can do to get your attention to read the message, and maybe even click on some malware link they include.
You don't include enough to do a proper analysis, but the IP given is a starting point. That's coming from Peru, not the UK. Spammers lying again. I already have the entire 190.0.0.0/8 in my firewall (LACNIC is awful).
But, of course, I have no idea what your email setup really is. You may be compromised, but you also may just use the same email address everywhere and so you're getting a lot of spam directed to you from sources unknown. I use a disposable email address just about everywhere, so I know exactly how spammers are finding me (mainly through job sites these days, and secondarily through an Apple affiliate program that sold me out).